On Mon, 3 Sep 2001, Ignacio Vazquez-Abrams wrote:
> On Mon, 3 Sep 2001, Wayne Ringling wrote:
>> > I have been researching a way to somehow run a script in a c wrapper as
> > root. I have created a python script to alter the password and shadow files
> > to add,delete,change users for an online community project my group is
> > working on. Can someone point me to a reference/how to about how I can do
> > this. I have created a session persistent cookie/database system to monitor
> > state between pages and login/logout. I just need a way to run the script
> > as root securely. Or is that just a pipedream? I would love to entertain
> > any other ideas on how I can do this.
> >
> > Wayne
>> You said "run as root" and "securely" in the same sentence relating to CGI.
> You're funny!
>> There is no way to make it entirely secure, but you can start by getting the
> script that changes the password OUT of any directory directly-accesible by
> the web server. Then make a script that verifies EVERYTHING about the
> information (i.e., minimum uid, length of password, etc.) and then, and _only_
> then, should you call the other script (which has been made suid root, and
> possibly sgid root) to do the changes.
My bad. Setting scripts suid/sgid doesn't matter because it only works on
executables.
Take a look at a little program called sudo which allows execution of any
program as root.
--
Ignacio Vazquez-Abrams <ignacio at openservices.net>